1-Click GitHub Token Theft Vulnerability in VSCode Disclosed

A blog post reveals a security flaw in Visual Studio Code (VSCode) that allows attackers to steal GitHub tokens with a single click. The vulnerability stems from how VSCode manages GitHub authentication flows, enabling token theft without further user interaction. The post includes a proof-of-concept demonstration of the exploit.